How To Check What All Programs Will Run When User Logged On To Computer.

The following knowledgebase will tell you how you can check what all programs will run when user has logged on to the computer.

When user logs on to the computer the Winlogon service will use the following registry entry to run any programs (if specified):

HKLM\Software\Micrsofot\Windows\CurrentVersion\Run

HKLM\Software\Micrsofot\Windows\CurrentVersion\RunOnce

The above two registry entries are used by Winlogon service after user has logged on to the system successfully. The Winlogon service will create a list of programs to run.

Please note that domain policy may override this setting if specified. You can also use Group Policy settings to block any program to run.

You can use the following script to check the programs in Run or RunOnce registry key on remote computer.

*** Start ***

@echo off

Set RegQry=HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Set RegQry1=HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

REG.exe Query \\remote_computer\%RegQry% > CheckRun.txt

REG.exe Query \\remote_computer\%RegQry1% > CheckRunOnce.txt

Echo Programs on Computer : Remote_Computer >> Programs.txt

For /F “Skip=5 Tokens=*” %%a In (CheckRun.txt) Do (

Echo %%a >> Programs.txt

)

For /F “Skip=5 Tokens=*” %%a In (CheckRunOnce.txt) Do (

Echo %%a >> Programs.txt

)

*** End ***

You can use PSEXEC (a tool from Sysinternals) to run this script remotely and then redirect the output in a Text file.

Leave a Reply

Your email address will not be published. Required fields are marked *